package com.qf.shiro2204.order.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.HashMap;

@RestController
@RequestMapping("/order")
public class OrderController {

    // 需要当前用户同时拥有 "admin","user" 两个角色才能进入这个方法
    @RequiresRoles({"admin","normal"})
    @RequiresPermissions("order:insert")
    @GetMapping("/s")
    public HashMap<String,Object> save(){

        System.out.println("OrderController->save");

        HashMap<String, Object> map = new HashMap<>();
        map.put("code",1);
        map.put("msg","ok");

        return map;
    }



    @GetMapping("/m")
    public HashMap<String,Object> manage(){

        System.out.println("OrderController->manage");

        // 判断当前登录用户是否具有 admin 角色
        Subject subject = SecurityUtils.getSubject();
        boolean hasRole = subject.hasRole("admin");

        HashMap<String, Object> map = new HashMap<>();
        if (hasRole){
            // 有admin角色
            map.put("code",1);
            map.put("msg","ok");
        }else {
            map.put("code",-1);
            map.put("msg","权限不足");
        }
        return map;
    }

}
